Description of problem: While doing this step in the RDO Manager 3.0 install guide instack-build-images I get errors that the image could not join the Satellite server do to insecure https server. I have registered the satellite server with a CA Cert to see if this would fix the problem but it has not. Version-Release number of selected component (if applicable): How reproducible: Every time i run instack-build-images with below export settings export NODE_DIST=rhel7 export DIB_LOCAL_IMAGE=rhel-guest-image-7.1-20150224.0.x86_64.qcow2 export REG_METHOD=satellite export REG_SAT_URL="https://cas-mtv5-sat01b.cisco.com" export REG_ORG="CAS" export REG_ACTIVATION_KEY="OPST" export REG_FORCE=true Steps to Reproduce: 1.Follow all steps on this install up to build image https://repos.fedorapeople.org/repos/openstack-m/docs/master/basic_deployment/basic_deployment.html 2. At the image build step where you run this command it fails. instack-build-images Actual results: + /tmp/in_target.d/pre-install.d/00-rhel-registration Installing satellite dependencies curl: (60) Peer's Certificate issuer is not recognized. More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. error: skipping https://cas-mtv5-sat01b.cisco.com/pub/katello-ca-consumer-latest.noarch.rpm - transfer failed Retrieving https://cas-mtv5-sat01b.cisco.com/pub/katello-ca-consumer-latest.noarch.rpm Registering with options: --force --activationkey=*** --org=CAS Organization CAS does not exist. Expected results: The rpm should install just fine as we do this manually a lot here. Additional info: Checking the code of 00-rhel-registration i see this code block. satellite) # Save an unmodified copy of the repo list for logging user_repos=$repos repos="$repos --enable ${satellite_repo}" echo "Installing satellite dependencies" rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true echo "Registering with options: $sanitized_opts" subscription-manager register $opts echo "Enabling repos: $user_repos" subscription-manager $repos echo "Disabling satellite repo because it is no longer needed" subscription-manager repos --disable ${satellite_repo} ;; This looks all correct so not sure why it is trying to curl pull the katello-ca-consumer-latest.noarch.rpm file. There should be some switch to say it ok to get file with insecure server as a switch.
This bug is against a Version which has reached End of Life. If it's still present in supported release (http://releases.openstack.org), please update Version and reopen.